The campaign spans npm, Packagist, Go, and Chrome, using obfuscated JavaScript loaders and VS Code tasks to deliver malware.
Researchers identified what they believe is the first documented case of a ransomware operation, JadePuffer, conducted ...
The first proposed catalog of 'configuration smells' reveals widespread issues like context bloat, skill leakage, and conflicting instructions that can make coding agents less reliable and more ...
VS Code 1.26 prevents automatic code execution for new project folders, lets users configure whether code can be executed ...
Mozilla researchers revealed a new attack that tricks Claude Code into running hidden commands from seemingly harmless GitHub ...
MIT Technology Review and Microsoft rank 101 agent tasks by practitioner confidence. Report generation tops the index while ...
Attackers exploited Langflow vulnerability CVE-2025-3248 to conduct an agentic AI-powered ransomware attack involving reconnaissance, credential theft, and lateral movement.
Visual Studio Code 1.126 adds session-level Copilot cost information, continuing Microsoft's recent focus on helping developers monitor and manage usage-based GitHub Copilot billing.
Amazon Q vulnerability could allow attackers to steal developer cloud credentials by luring them into opening a booby-trapped ...
An agentic coding tool tasked with cloning and setting up a seemingly benign GitHub repository could execute a malicious ...
GitHub secret scanning now extends beyond org-owned repositories: Public Monitoring scans all of GitHub.com in real time, ...
The persistent memory system addresses a real and widely felt pain point in agentic development workflows — one that competitors are also racing to solve.